![[Guide Home]](../resources/misc/oplogo_green.jpg){kind=small}
|
The Web Hikers guide to
|
Home > FAQ
![[Green colours with tiny sized fonts]](../resources/misc/css_green_small.gif){kind=small}
![[Green colours with medium sized fonts]](../resources/misc/css_green_regular.gif){kind=small}
![[Green colours with large sized fonts]](../resources/misc/css_green_large.gif){kind=small}
![[Orange colours with tiny sized fonts]](../resources/misc/css_orange_small.gif){kind=small}
![[Orange colours with medium sized fonts]](../resources/misc/css_orange_regular.gif){kind=small}
![[Orange colours with large sized fonts]](../resources/misc/css_orange_large.gif){kind=small}
![[Blue colours with tiny sized fonts]](../resources/misc/css_blue_small.gif){kind=small}
![[Blue colours with medium sized fonts]](../resources/misc/css_blue_regular.gif){kind=small}
![[Blue colours with large sized fonts]](../resources/misc/css_blue_large.gif){kind=small}
![[Grey colours with tiny sized fonts]](../resources/misc/css_grey_small.gif){kind=small}
![[Grey colours with medium sized fonts]](../resources/misc/css_grey_regular.gif){kind=small}
![[Grey colours with large sized fonts]](../resources/misc/css_grey_large.gif){kind=small}
FAQ
Hopefully this section will answer any questions you have about things to do with the internet or firewalls/Outpost. Throughout the guide there are links to relevant pages of this section so there is no need to read through 'FAQ' unless you really want to.
Questions
- Does outpost perform checksums on applications?
- Can outpost block a trojan if it resides in a driver?
- Does Outpost filter Raw Sockets?
- Does Outpost perform Application or Network level filtering?
- What does Outpost Write to the registry?
- What are the numbers prefixed by Fw and Web in the status bar?
- Why are the 'Allow Once' and 'Block Once' buttons sometimes disabled?
- What is the difference between the Reject option and the Deny option in the rule creations action pane?
- Which rules are processed first, System or Application?
- I don't want Outpost running in the system tray, is there anyway to hide the Outpost GUI?
- Outpost doesn't seem to be blocking cookies as I have loads of them on my hard drive. Is the cookie filtering broken?
- I went to a scanning site and it reported that I have an open port that should be closed. How to get Outpost to stealth the port?
- How does Outpost's engine process rules?
- What are lsass.exe, LSA Shell, LSASS, Local Security Authority System?
- How do I shutdown a plugin?
- What are the numbers in Outposts tray icon tool-tip?
- What is 'learning mode'?
Answers
Does Outpost perform checksums on applications?
Yes, Outpost uses MD5 to authenticate applications are legitimate.
Questions
Can Outpost block a Trojan if it resides in a driver?
Yes.
Questions
Does Outpost filter Raw Sockets?
Yes.
Questions
Does Outpost perform Application or Network level filtering?
Outpost filters both TDI and NDIS requests.
Questions
What does Outpost write to the registry?
Windows 9x
- run_helper
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run - Driver
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\VxD\FILT95 - GUI
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run "Outpost Firewall"="C:\PROGRAM FILES\AGNITUM\OUTPOST FIREWALL 1.0\outpost.exe /noservice" - Engine
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices "Outpost Firewall"="C:\PROGRAM FILES\AGNITUM\OUTPOST FIREWALL 1.0\outpost.exe /service"
Windows NT/2000
- run_helper
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run - Drivers/Services
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\OutpostFirewall
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\VFILT
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\ADBLOCK.DLL
and so on for every plug-in - GUI
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run "Outpost Firewall"="C:\PROGRAM FILES\AGNITUM\OUTPOST FIREWALL 1.0\outpost.exe /noservice"
What are the numbers prefixed by Fw and Web in the status bar?
These are the number of Firewall and HTTP blocks Outpost has made.
Questions
Why are the 'Allow Once' and 'Block Once' buttons sometimes disabled?
They are only available for Outgoing connections. This is because Outpost puts the connection request on hold until you make a rule or click the 'Allow Once' and 'Block Once' buttons, but incoming connections are blocked automatically until you make a rule, which is why the buttons are disabled.
Questions
What is the difference between the Reject option and the Deny option in the rule creations action pane?
- Reject means Outpost drops the packet and sends a port unreachable packet to the source of the communication attempt which tells the source that the port is closed.
- Deny means Outpost drops the packet and doesn't notify the source that the port is closed, this 'stealths' the port.
Which rules are processed first, System or Application?
The System rules are checked after the Application rules.
Questions
I don't want Outpost running in the system tray, is there anyway to hide the Outpost GUI?
Yes. Open the 'Options' menu and select Options -> General... and uncheck Run Automatically at boot-up. This stops the GUI from starting at boot (the engine is still running). Now if on the same tab you have Apply rules without need of interface checked the engine will filter packets according to the rules you have already created. Outpost, in this state, is running in ![[Block Most mode icon]](../resources/snapshots/outpost/13.gif){kind=small}
Block Most Mode so any applications without rules will be blocked by default. If you uncheck Apply rules without need of interface then the rules will be ignored, it will be as if you didn't have any firewall running (the plugins are also disabled in this case).
Questions
Outpost doesn't seem to be blocking cookies as I have loads of them on my hard drive. Is the cookie filtering broken?
Outpost, like AtGaurd blocks the return of cookies, not the setting. This is because there are many ways to block cookies but only one way to send them.
Questions
I went to a scanning site and it reported that I have an open port the should be closed. How to get Outpost to stealth the port?
Please see this thread at Agnitum's forums.
Questions
How does Outpost's engine process rules?
Please see this thread at Agnitum's forums.
Questions
What are lsass.exe, LSA Shell, LSASS, Local Security Authority System?
Please see this thread at Agnitum's forums.
Questions
How do I shutdown a plugin?
First right click on the plugins name in the folder panel of the main window and uncheck enable. Then select from the 'Options' menu Options -> Plug-Ins Setup. The option window will open with the plug-ins tab selected, highlight the plugin you want shutdown and click on the button 'Stop'.
If you want to you can delete the following registry keys as well to permanently kill the plugin:
- Delete regkey
HKEY_LOCAL_MACHINE\SOFTWARE\Agnitum\Outpost Firewall\KernelPlugIns\??=[kernel plugin name].dll - Delete regkey
HKEY_LOCAL_MACHINE\SOFTWARE\Agnitum\Outpost Firewall\EnginePlugins\[plugin file]=0|1
What are the numbers in Outposts tray icon tool-tip?
These are your current IP addresses.
Questions
What is 'learning mode'?
This is a logging error that occurs while in ![[Rules Wizard mode icon]](../resources/snapshots/outpost/15.gif){kind=small}
Rules Wizard mode, it has been fixed in version 2. The way to get round the problem of an application being blocked due to 'learning mode' even if a rule exists is to put Outpost into any mode except Rules Wizard mode, like Block Most Mode. Then when an application that hasn't got any rules switch modes to Rules Wizard mode and create rules, then switch back to Block Most Mode.
Questions
Outpost and the Outpost logo are ©Agnitum Software
This is an unofficial guide, the information expressed here may differ from Agnitum's. There is a support forum (no longer run by Agnitum, but by users) if you need more help this is a good place to start. Where information here conflicts with what Agnitum have told you always go with the information given to you by Agnitum.
Guide/site and images ©Stephen Cox